The Homeland Security Presidential Directive 12 (HSPD-12) required the National Institute of Standards and Technology (NIST) to issue a Federal Information Processing Standard (FIPS-201) for secure and reliable forms of identification. The FIPS-201 standard, entitled Personal Identity Verification (PIV) for Federal Employees and Contractors, specifies the architecture and technical requirements for a common identification standard, including components, interfaces, support services, and life cycle management functions. The FIPS-201 standard also supports interoperability among identification cards, electronic card readers, communications systems, and access control system interfaces.
The FIPS-201 standard indicates that federal policy is to issue smartcards for both logical and physical access to federal spaces, without waiver, for all federal agencies and their contractors. The Office of Management and Budget (OMB) requires implementation plans for each agency, with required personnel vetting processes and procedures. OMB also requires that PIV smartcards replace all new or refreshed identification (ID) cards, with all physical access systems to be updated.
All employees and contractors of Federal Agencies are required under the FIPS-201 standard to possess a PIV smartcard. Unfortunately, the PIV smartcard contains only short-range radio frequency (RF) capability for physical access, and contains no capability for reading and verifying biometrics to enable logical and physical access at a distance.
Current technologies have capabilities for medium-range (100-300 ft) physical access and logical access and for reading biometrics to enable access at a distance. However, these current technologies require the establishment and maintenance of an identity management regime.
In order to meet the FIPS-201 standard, the PIV smartcard may need to be carried in a holder that is Radio Frequency (RF) opaque, so that the card cannot be involuntarily accessed. Such access may be both a security and a privacy violation. As a result, the PIV smartcard must be removed from the RF-opaque sleeve for PIV registration functions at each new building for physical access at any proximity card reader, e.g., an International Organization for Standardization (ISO) 14443 type card reader, or electronic door opener. Similarly, removal of the PIV smartcard is required for logical access, which requires inserting the smartcard into a reader to logically access the network. Removing the PIV card frequently causes wear and tear on the sensitive smart chip contacts, and provides great opportunity for the PIV smartcard to be left in a reader or inadvertently lost. When exiting a secure space, the owner may be locked out if he or she forgets the PIV smartcard. An opportunity exists for a thief to access the network when the PIV smartcard is accidentally left in the reader. Each network access exposes the sensitive PIN, so that electronic snooping or shoulder surfing can expose the PIN, allowing a stolen PIV smartcard to be used. These special problems need to be addressed by providing long-range logical and physical access and biometrics enablement of a PIV smartcard.